Total
1125 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12127 | 1 Onap | 1 Open Network Automation Platform | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | |||||
| CVE-2020-10079 | 1 Gitlab | 1 Gitlab | 2020-03-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required. | |||||
| CVE-2020-6964 | 1 Gehealthcare | 12 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape Central Station Mai700 and 9 more | 2020-03-17 | 5.0 MEDIUM | 8.6 HIGH |
| In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network. | |||||
| CVE-2020-5328 | 1 Dell | 1 Emc Isilon Onefs | 2020-03-09 | 10.0 HIGH | 9.8 CRITICAL |
| Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur. | |||||
| CVE-2020-5326 | 1 Dell | 348 Chengming 3980, Chengming 3980 Firmware, Embedded Box Pc 5000 and 345 more | 2020-03-03 | 2.1 LOW | 5.3 MEDIUM |
| Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager. | |||||
| CVE-2020-6186 | 1 Sap | 1 Host Agent | 2020-02-19 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service. | |||||
| CVE-2020-6769 | 1 Bosch | 8 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 3000 and 5 more | 2020-02-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device's firewall. | |||||
| CVE-2019-5077 | 1 Wago | 4 Pfc 100, Pfc 100 Firmware, Pfc 200 and 1 more | 2020-02-10 | 8.5 HIGH | 9.1 CRITICAL |
| An exploitable denial-of-service vulnerability exists in the iocheckd service ‘’I/O-Chec’’ functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability. | |||||
| CVE-2019-13549 | 2 Carel, Rittal | 2 Pcoweb Firmware, Chiller Sk 3232 | 2020-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication. | |||||
| CVE-2019-4551 | 1 Ibm | 1 Security Directory Server | 2020-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953. | |||||
| CVE-2011-4322 | 1 Websitebaker | 1 Websitebaker | 2020-01-29 | 5.0 MEDIUM | 7.5 HIGH |
| websitebaker prior to and including 2.8.1 has an authentication error in backup module. | |||||
| CVE-2020-3142 | 1 Cisco | 1 Webex Meetings Online | 2020-01-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. Cisco has applied updates that address this vulnerability and no user action is required. This vulnerability affects Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites releases earlier than 39.11.5 and 40.1.3. | |||||
| CVE-2019-16003 | 1 Cisco | 1 Ucs Director | 2020-01-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to download log files if they were previously generated by an administrator. | |||||
| CVE-2019-20143 | 1 Gitlab | 1 Gitlab | 2020-01-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control. | |||||
| CVE-2019-16271 | 1 Dten | 4 D5, D5 Firmware, D7 and 1 more | 2020-01-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| DTEN D5 and D7 before 1.3.2 devices allows remote attackers to read saved whiteboard image PDF documents via storage/emulated/0/Notes/PDF on TCP port 8080 without authentication. | |||||
| CVE-2014-3449 | 1 Bss Continuity Cms Project | 1 Bss Continuty Cms | 2020-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability | |||||
| CVE-2018-20507 | 1 Gitlab | 1 Gitlab | 2020-01-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
| CVE-2019-5078 | 1 Wago | 4 Pfc 100, Pfc 100 Firmware, Pfc 200 and 1 more | 2019-12-27 | 9.4 HIGH | 9.1 CRITICAL |
| An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability. | |||||
| CVE-2019-5080 | 1 Wago | 4 Pfc 100, Pfc 100 Firmware, Pfc 200 and 1 more | 2019-12-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability. | |||||
| CVE-2019-8682 | 1 Apple | 2 Iphone Os, Watchos | 2019-12-20 | 2.1 LOW | 2.4 LOW |
| The issue was addressed with improved UI handling. This issue is fixed in iOS 12.4, watchOS 5.3. A user may inadvertently complete an in-app purchase while on the lock screen. | |||||